Was the Stored Communications Act Actually Violated in City of Ontario v. Quon?

At today’s oral argument in City of Ontario v. Quon, several Justices took the view that whether Fourth Amendment “reasonable expectation of privacy” existed in the case depended in part on whether the disclosure violated the Stored Communications Act (SCA), an electronic privacy statute. That raises a surprisingly tricky question: Was the Stored Communications Act actually violated in the Quon case?

The Justices seemed to think the disclosure violated the Stored Communications Act, presumably because the Ninth Circuit had held that Arch Wireless was a provider of electronic communication service that could not disclose Quon’s messages to the government. But if the Justices conclude that the Fourth Amendment issue granted in Quon depends on whether the SCA was actually violated, then presumably the Ninth Circuit’s analysis isn’t law of the case (that is, binding on the Supreme Court) and the Justices need to do an independent analysis of whether the disclosure violated the SCA. That turns out to be quite uncertain, and I wanted to explain why.

Here are the facts. The city hired Arch Wireless to provide pager service, and then gave the pagers to individual police officers to use. Arch Wireless made copies of all sent and received text messages for billing purposes. The city later asked Arch Wireless for copies of the texts, and Arch Wireless then provided the transcripts to the city. The city looked through the transcripts, finding the non-work related text messages that led to the lawsuit.

So was the SCA violated? In the district court and the Ninth Circuit, the plaintiffs litigated the issue under the voluntary disclosure provisions of 18 U.S.C. 2702. Under that provision, providers generally cannot disclose the contents of communications it is holding, with a series of possible exceptions. The exception litigated below was 2702(b)(3), which says that disclosure is allowed:

with the lawful consent of the originator or an addressee or intended recipient of such communication, or the subscriber in the case of remote computing service;

The litigants in Quon agreed that the City of Ontario was the “subscriber” of the text messages, in that it had actually purchased the service, but that the city was not an “originator or an addressee or intended recipient of such communication.” As litigated in Quon, then, the legal question was whether Arch was acting as a “remote computing service” or an “electronic communication service” in its storage of the texts. If it was acting as a remote computing service, it could disclose to the City, as the City was the subscriber; if it was acting as an electronic communication service, it could not disclose to the City, as the City was not an “originator or an addressee or intended recipient of such communication.”

The Ninth Circuit concluded that Arch Wireless was acting as a provider of electronic communication service with respect to the stored texts, and therefore that it could only disclose with the consent of Quon, not the City. The court concluded:

We hold that Arch Wireless provided an “electronic communication service” to the City. The parties do not dispute that Arch Wireless acted “knowingly” when it released the transcripts to the City. When Arch Wireless knowingly turned over the text-messaging transcripts to the City, which was a “subscriber,” not “an addressee or intended recipient of such communication,” it violated the SCA, 18 U.S.C. § 2702(a)(1). Accordingly, judgment in Appellants’ favor on their claims against Arch Wireless is appropriate as a matter of law, and we remand to the district court for proceedings consistent with this holding.

I think the Ninth Circuit was right that Arch Wireless was acting as a provider of ECS, not RCS, for essentially the reasons that the Ninth Circuit explained. (Full disclosure: The Ninth Circuit cited one of my articles in support of its holding.) But I think the Ninth Circuit was wrong to end the analysis there. In particular, the Ninth Circuit failed to consider the next step in the analysis, whether Jeff Quon had consented to the disclosure as a matter of law under the workplace privacy policy, permitting the disclosure.

To understand this issue, you need to realize that the exception in 2702(b)(3) is a consent exception. This consent exception has generally been understood as adopting the standard of consent that Congress has used in its related statute, the Wiretap Act, and specifically the Wiretap Act’s consent exception found in 18 U.S.C. 2511(2)(c) and (2)(d). See LaFave, et. al. 2 Criminal Procedure 4.8(e) at 540 (3d ed. 2007). There is lots of litigation on the consent exception in 2511(2)(c) and (2)(d), and the lower courts have agreed that consent under the Wiretap Act is a pretty low standard: A person who receives notice that monitoring may occur “consents” to that monitoring by proceeding in light of notice. See,e .g., United States v. Willoughby, 860 F.2d 15 (2d Cir.1988); United States v. Workman, 80 F.3d 688 (2d Cir.1996).

As an aside, this low standard is the reason why you’ll often hear that “calls may be monitored for quality assurance” when you call a help number. By telling you that they may record the call, the companies are getting your consent to record the call, which they may need depending on whether your state Wiretap statute is a so-called “all party” consent statute or a one-party consent statute. Of course, this is sort of a weird kind of consent — is letting you know that they might do something really the same as getting your okay to do it? — but that is how courts have interpreted the consent standard in the analogous setting of the Wiretap Act.

If that same standard applies to the Stored Communications Act, which I think it does, then I would think that notice to Jeff Quon that the government does not give him any privacy rights in his government-provided pager should also generate his consent to the disclosure under 2702(b). If that’s right, then the Stored Communications Act was not actually violated: By giving Quon notice, the City obtained his consent, permitting Arch Wireless to disclose the texts to the City. Incidentally, that’s the conclusion a district court reached in a closely analogous case involving disclosed pager communications in a city-provided pager. See Flagg v. City of Detroit, 252 F.R.D. 346, 363-64 (E.D. Mich. 2008) (“Alternatively, even if the Court is mistaken in its conclusion that the service provided by SkyTel is an RCS, there is ample basis to conclude that the City nonetheless has an obligation to secure the requisite consent from its employees that would permit SkyTel to proceed with its retrieval of communications.”).

Now perhaps the SCA requires some sort of more specific consent, like consent to the disclosure specifically instead of a general waiver of privacy. But that’s a question that no court has considered, so we don’t really have any caselaw to go on there. So on the question of whether the SCA was actually violated in this case, I think the answer is, well, I don’t really know: It depends on the meaning of consent in 2702(b), and whether you think that consent standard is the same as the consent standard in the Wiretap Act.

To be sure, the consent issue wasn’t litigated in the Ninth Circuit. The parties made some somewhat puzzling litigation decisions below, and this argument didn’t come up. And if for some reason the lower court’s conclusion that the SCA was violated is binding on the Supreme Court, then so be it. But if a statutory violation is evidence of a constitutional violation on a theory that the statute is good evidence of what society thinks is reasonable, then a careful analysis of the statute itself suggests that it’s not at all clear that the statute was actually violated.